Applying the “Risk-based Approach to the Quality Review

Although the concept of “Risk Based Approach” is not new to Validation, it is not often applied to the Quality Review for a Validation project. With the realities of increased volume of validation work and finite QA resources, it makes sense to target the Quality Review on the areas of most significance. I’ve mocked up this frame work to do exactly that. Any thoughts?


Targeted, Risk-based CSV Operational Quality (QA) Review

Request for Quality Review: The Validation Team (Business/Technical/Validation unit provides the list of deliverables to be generated for a given project in conjunction with the request for Quality Unit Review for the project.

The Quality Impact Assessment is conducted independently by the Quality Unit to determine the level of review required for a given Validation project. The Quality Unit will review and sign the Risk Assessment.

There will be an Internal Escalation Process to the QA review triggered by various flags or issues (e.g., request from stakeholders, problems detected during review, etc.) that can potentially increase the level of Quality Review within a project.

Quality Impact Assessment Targeted QA Review QA Approvals Example Scenario
Critical All deliverables; 100% Review Risk Assessment, Plan, Report Directed; GMP LIMS for Release
High Risk Assessment, Plan, User Requirements, Report, Sampling of Scripts (e.g., SQ N+1) Risk Assessment, Plan, Report PVDB; Clinical DB; Primary GLP Data System (e.g., SDMS)
Medium Risk Assessment, Plan, Report Risk Assessment, Plan, Report Clinical Trial Management System (Monitoring), Laboratory Data Generating System
Low Risk Assessment Risk Assessment Indirect GxP System (e.g., Learning Management System)